Security News

Microsoft Security Bulletins Coverage (Sept 13, 2011)

By

SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of September, 2011. A list of issues reported, along with SonicWALL coverage information follows:

MS11-070 Vulnerability in WINS Could Allow Elevation of Privilege (2571621)

  • CVE-2011-1984 WINS Local Elevation of Privilege Vulnerability
    Local vulnerability.

MS11-071 Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)

  • CVE-2011-1991 Windows Components Insecure Library Loading Vulnerability
    IPS: 5726 – Possible Binary Planting Attempt

MS11-072 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)

  • CVE-2011-1986 Excel Use after Free WriteAV Vulnerability
    GAV: Malformed.xls.MP.2
  • CVE-2011-1987 Excel Out of Bounds Array Indexing Vulnerability
    GAV: Malformed.xls.MP.3
  • CVE-2011-1988 Excel Heap Corruption Vulnerability
    GAV: Malformed.xls.MP.4, Malformed.xls.MP.5, Malformed.xls.MP.6
  • CVE-2011-1989 Excel Conditional Expression Parsing Vulnerability
    GAV: Malformed.xls.MP.7
  • CVE-2011-1990 Excel Out of Bounds Array Indexing Vulnerability
    GAV: Malformed.xls.MP.8

MS11-073 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)

  • CVE-2011-1980 Office Component Insecure Library Loading Vulnerability
    IPS: 5726 Possible Binary Planting Attempt
  • CVE-2011-1982 Office Uninitialized Object Pointer Vulnerability
    GAV: Malformed.doc.MP.3

MS11-074 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)

  • CVE-2011-0653 XSS in SharePoint Calendar Vulnerability
    IPS: 6753 – Generic Cross-Site Scripting (XSS) Attempt 8
  • CVE-2011-1252 HTML Sanitization Vulnerability
    IPS: 6797 MS IE toStaticHTML XSS 3
  • CVE-2011-1890 Editform Script Injection Vulnerability
    IPS: 1868 Generic Cross-Site Scripting (XSS) Attempt 21
  • CVE-2011-1891 Contact Details Reflected XSS Vulnerability
    IPS: 1849 Generic Cross-Site Scripting (XSS) Attempt 20
  • CVE-2011-1892 SharePoint Remote File Disclosure Vulnerability
    IPS: 1856 SharePoint Remote File Disclosure
  • CVE-2011-1893 SharePoint XSS Vulnerability
    IPS: 1369 Generic Cross-Site Scripting (XSS) Attempt 1, 6752 Generic Cross-Site Scripting (XSS) Attempt 7
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
Microsoft Security Bulletin Coverage for August 2020
Oracle Java Runtime TTF BO (March 9, 2012)
Onkods social engineering spam campaign continues (Mar 28, 2014)
Netgear ProSAFE NMS300 SQLi Vulnerability
Malicious PDF delivering Xworm 3.1 payload
Apple QuickTime QTPlugin Code Execution (Sept 2, 2010)
HP LoadRunner ActiveX Control Vulnerability (Sep 27, 2013)
Cybersecurity News & Trends - 09-04-20